bind mounts related to content interface plugs remain stale on snap disconnect/connect or snap updates
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Snappy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
To reproduce:
snap install --edge test-snapd-
snap install --edge test-snapd-
snap disconnect test-snapd-
test-snapd-
"
Please run:
sudo snap connect content-
if you see an permission denied error
cat: /snap/test-
"
This is fine so far, as the plug is disconnected, but now try connecting the plug
snap connect test-snapd-
albaguirre@
Please run:
sudo snap connect content-
if you see an permission denied error
cat: /snap/test-
The same issue occurs when a snap updates to a new revision and the content plug is auto-connected. The bind mount will be stale and point to the old destination directory.
Changed in snappy: | |
status: | Fix Committed → Fix Released |
It looks like snap-confine has no way of checking that the fstab mnt entries generated by the snapd mount security backend have been changed or removed.
Probably easier to have snapd call snap-discard-ns on any content i/f connects/ disconnects.